Microsoft Word rfid-expo-2c rtf
Download 93.76 Kb. Pdf ko'rish
|
|
Unauthorized tag tracking. These are privacy attacks in which the attacker can trace tags
through rogue readers. We distinguish these attacks from “Big Brother” concerns that corporate entities managing the back-end server might leverage RFID capabilities to infringe on the privacy of consumers. A detailed analysis of consumer privacy concerns is given in [14], addressing policies, standards, and checks to protect consumer interests. In this paper we concentrate instead on the prospect of rogue readers, controlled by hackers or adversarial organizations, being used to monitor tags. This issue is more difficult to address, since hackers cannot be presumed to adhere to policies or standards, or to follow specified protocols. Replay attacks. These are integrity attacks in which the attacker uses a tag’s response to a rogue reader’s challenge to impersonate the tag. The main concern here is in the context of RFIDs being used as contactless identification cards (in substitution of magnetic swipe cards) to provide access to secured areas and/or resources. In such applications, RFIDs can be more vulnerable than other mechanisms, again due to their ability to be read at a distance by covert readers. RFID protocols must be lightweight, taking into account the severe constraints imposed on the available power (induced at the antenna), the extremely limited computational capabilities, the small memory size, and the characteristics of the IC design (e.g., number of gates available for security code). In particular, most RFID platforms can only implement highly optimized symmetric-key cryptography. In this paper, we are mainly concerned with security issues at the protocol layer. We are not concerned with physical or link layer issues, such as the coupling design, the power-up and collision arbitration processes, or the air-RFID interface. For details on such issues, and more generally on standards for RFID systems, the reader is referred to the Electronic Protocol Code [10] and the ISO 18000 standard [17]. We do point out, however, that physical attacks such as jamming and collision attacks are major security concerns for RFID applications. In Section 7 we shall discuss side-channel attacks and timing attacks—both types are physical attacks that target the protocol layer interface. A highly desirable security feature for RFID technologies is modularity: RFID tags may be deployed in a variety of contexts with similar security characteristics. This widespread practice can nonetheless introduce vulnerabilities: For instance, protocols are often analyzed under the implicit assumption of operating in isolation, and therefore may fail in unexpected ways when used in combination with other protocols. Since RFID tags may be components of larger ubiquitous systems, it is preferable to pursue security analysis techniques that guarantee preservation of security when the protocols are executed in arbitrary composition with other (secure) protocols. This type of security is provided by formalizing and analyzing the security of protocols within the universal composability (UC) framework [5, 6, 7]. (An alternative formal models-type approach called reactive systems was proposed by Pfitzmann and Waidner [20, 21].) There are several RFID protocols that achieve this level of security by using lightweight cryptographic mechanisms [4, 23]. We shall discuss these in more detail in the following sections. II. RFID D EPLOYMENTS A typical deployment of an RFID system involves three types of legitimate entities, namely tags, readers and back-end servers. The tags are attached to, or embedded in, objects to be identified. They consist of a transponder and an RF coupling element. The coupling element has an antenna coil to capture RF power, clock pulses and data from the RFID reader. The readers typically contain a transceiver, a control unit, and a coupling element, to interrogate tags. They implement a radio interface to the tags and also a high level interface to a back- end server that processes captured data. The back-servers are trusted entities that maintain a database containing the information needed to identify tags, including their identification numbers. Since the integrity of an RFID system is entirely dependent on the proper behavior of the server, it is assumed that the server is physically secure and not attackable. It is certainly legitimate to consider privacy mechanisms that reduce the trust on the back-end server—for instance, to mitigate the ability of the server to collect user-behavior information, or to make the server function auditable. In this paper, however, we shall not investigate such privacy attacks. These have been discussed extensively elsewhere. For an overview of measures and mechanisms that can be used to deal with privacy issues concerning back-end servers we refer the reader to [22]. Here we shall consider the servers to be entirely trusted. III. P ASSIVE RFID TAGS There are basically three types of passive RFID transponders. Download 93.76 Kb. Do'stlaringiz bilan baham: 
|